How Defense Companies Can Meet Evolving Regulations
How do you drive innovative product development and stay ahead of the competition, while ensuring regulatory compliance? This is a common dilemma for most aerospace and defense companies, as they try to keep up with today’s ever-changing industry standards.
We asked Arena’s Customer Success Coach Marshall Wood to tell us about his background and share some tips on how companies can best leverage cloud-based product lifecycle management (PLM) software to mitigate compliance risks and position themselves for success.
Shelly: Marshall, please tell us about your background and how you arrived at Arena.
Marshall: I received my bachelor’s degree in computer system engineering at the University of Massachusetts Amherst. After completing my undergraduate studies, I worked in a hardware diagnostics group for a few years. During that time, my focus shifted to design verification and design for testability for application-specific integrated circuits (ASICs). I then went on to support all the computer-aided design (CAD) packages and other software that engineers were using for product development.
My first introduction to PLM was in 2000 when I was tasked with implementing a system at WaterCove Networks. Later, I went on to work at a PLM software company called Omnify Software. During that time, I implemented the PLM software solution for over 100 customers across many industries, including medical device manufacturing, defense, high tech, and consumer electronics. These companies ranged in size from small startups to large multinational companies with thousands of employees. In my role, I wore many hats—performing implementations, product training, customer support, documentation, as well as software development and validation.
I worked at Omnify for 18 years until it was acquired by Arena Solutions. Since then, I have worked for Arena, which is now part of PTC, as a customer success coach.
Shelly: Describe your role as a customer success coach.
Marshall: I primarily support clients in the defense and aerospace industries. My role is to ensure that customers are using the Arena PLM platform to its fullest potential and that their needs are met.
Sometimes I receive direct inquiries from customers that require a quick 5-minute phone call. On other occasions, a web conference meeting or tutorial is needed to aid the customer. I also routinely check in with customers via phone or email to make sure that everything is running smoothly and that they are taking advantage of our latest PLM software features.
Shelly: What are some of the common product development challenges that you observe with customers in the defense industry?
Marshall: I think the most common challenge for defense companies is keeping track of the ever-changing industry regulations and achieving compliance. I receive many inquiries from customers who want to understand if and/or how certain regulations impact their business. They also want to know how Arena PLM supports the various regulatory requirements.
A very specific obstacle for defense customers is restricting or hiding certain product information from a particular set of Arena PLM users to adhere to different regulations. A customer might have 1,000 users in the system, but only 600 of them are allowed to access certain types of product information. This can be very overwhelming, as it requires the ability to easily identify the types of information that need to be restricted. It also requires full visibility into everyone who has access to product data and when they access it.
Shelly: What types of regulations or laws exist for companies in the defense industry?
Marshall: Companies developing products for the defense and aerospace industries are subject to various export control regulations, including ITAR (International Traffic in Arms Regulations) and EAR (Export Administration Regulations). These laws govern the export of defense articles, including technology and technical data. Enterprise PLM solutions and other systems handling ITAR- and EAR-regulated data must maintain this data within the U.S., provide cybersecurity protections, and enable controlled user access.
Other regulations such as DFARS (Defense Federal Acquisition Regulation Supplement), CMMC (Cybersecurity Maturity Model Certification), and NIST (National Institute of Standards and Technology) ensure that defense companies and suppliers adopt the necessary cybersecurity measures to protect sensitive information.
FedRAMP (Federal Risk and Authorization Management Program) is a cybersecurity standard that applies specifically to cloud-based platforms that are used by U.S. federal agencies and government contractors. This is an important standard, as it ensures consistency in evaluating and monitoring cloud services.
Shelly: How does Arena PLM support defense companies in meeting the demands of these different regulations?
Marshall: Our team of in-house experts has extensive knowledge of the different regulations that impact product manufacturers in the defense industry. Our role is to help customers understand which regulations are pertinent to their product development processes and how to best utilize Arena PLM. As regulations evolve or as new ones are introduced, we provide customers with the necessary documentation to demonstrate that our PLM system meets compliance.
Arena PLM for AWS GovCloud is purposefully designed with security control processes that are consistent with the requirements of NIST and other regulatory standards. This includes addressing internal and external audits, software vulnerability assessments, continuous security monitoring, and built-in redundancies for disaster recovery.
Shelly: What are the PLM software “must haves” to help defense companies better navigate and meet today’s regulations?
Marshall: The software company that a defense company partners with should be just that—a partner that understands and follows the regulations pertinent to the industry. Arena understands this, as demonstrated by the original rollout of our AWS GovCloud product and our subsequent work to implement a framework of controls that meets the security requirements equivalent to those established by the government for the FedRAMP Moderate baseline.
Of course, the PLM system must satisfy the current security objectives of each customer. I’m talking about confidentiality, data integrity, and availability. You must understand the impact of potential security events, as well as how the system mitigates those possibilities through things like data encryption, system monitoring, and maintenance.
PLM software must be configurable to the extent that sensitive data can be flagged and hidden from selected end users. The system should be capable of running user activity reports so that you can identify breaches and correct them.
Shelly: What advice or tips do you typically offer to defense customers to help maximize their investment with Arena PLM?
Marshall: From the start, you should develop a clear strategy to determine the best way to implement Arena PLM. This involves having a good understanding of your existing processes, product data, and everyone who can access it—including your external supply chain partners.
Furthermore, ask these key questions:
- What type of product information is available to your internal and external product teams?
- Are your products subject to export regulations?
- Where will your products be sold?
- Where are your PLM users (including suppliers) located?
These factors will dictate the types of export control and cybersecurity regulations that apply. They will also help you determine the user access controls that are required for the PLM system.
Ultimately, you should mitigate any compliance risks that might compromise your product development goals or impact your bottom line.
Shelly: How do you envision the defense industry evolving over the next 3-5 years? How will these changes impact PLM?
Marshall: I think existing regulations and standards will continue to evolve to combat evolving threats like phishing and ransomware attacks, and new regulations will continue to surface over the next few years. Our Cloud PLM solution will adopt more sophisticated security control measures to satisfy changing requirements. In turn, our domain experts will continue to provide customers with the necessary support to roll with the changes and achieve compliance.
Shelly: What excites you most about working at Arena?
Marshall: I’m constantly amazed by the products that my customers have pioneered in recent years. When I look back 25 years ago, most of the companies I dealt with, or worked for, seemed to be developing some type of networking equipment. Fast-forward to present day and technologies like the Internet of Things (IoT), robotics, augmented reality (AR), and artificial intelligence (AI) are pushing the boundaries of what’s possible to drive innovation.
Shelly: Thank you for sharing your insights! We look forward to catching up in the future and learning about the latest developments.